Abnormal Security Data Privacy Framework Notice
Last Updated January 12, 2024
Abnormal Security Corporation (“Abnormal”) complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (EU-U.S. DPF, UK Extension, and the Swiss-U.S. DPF, collectively, the “DPF” or “Data Protection Framework”) as set forth by the U.S. Department of Commerce regarding the processing of personal data received from the European Union, the United Kingdom (and Gibraltar), and Switzerland in reliance on the DPF. Abnormal has certified to the U.S. Department of Commerce that it adheres to the DPF Principles with respect to such personal data. If there is any conflict between the terms in this privacy notice and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Abnormal’s certification, please visit https://www.dataprivacyframework.gov/.
Abnormal has mechanisms in place designed to help assure compliance with the DPF Principles. Abnormal conducts an annual self-assessment of its personal data processing practices to verify that the attestations and assertions Abnormal makes about its DPF privacy practices are true and that Abnormal’s privacy practices have been implemented as represented and in accordance with the DPF Principles.
In compliance with the Data Privacy Framework, Abnormal commits to resolve complaints about its collection and use of the personal information received in reliance on the DPF. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the DPF should first contact Abnormal at firstname.lastname@example.org with the subject “Data Privacy Framework”. In compliance with the Data Privacy Framework, Abnormal commits to refer unresolved complaints concerning our handling of personal data received in reliance on the DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your Data Privacy Framework Principles-related complaint from us, or if we have not addressed your Data Privacy Framework Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-data-privacy-framework for more information or to file a complaint. The services of JAMS are provided at no cost to you. If neither Abnormal nor our dispute resolution provider resolves your complaint, you may have the possibility, under certain conditions, to invoke binding arbitration through the Data Privacy Framework Panel.
Abnormal is responsible for personal data that we receive under the Data Privacy Framework, including where it transfers such personal data to a third party acting as our agent. Abnormal complies with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions, unless Abnormal proves that it is not responsible for the event giving rise to damage. Please be aware that we may be required to disclose personal data that we receive under the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. The Federal Trade Commission has jurisdiction over Abnormal’s compliance with the Data Privacy Framework.